ElcomSoft Researchers Bypass Apple's iOS USB Restricted Mode
Apple has launched iOS 11.4.1, the update that adds USB Restricted Mode to the iPhone. USB Restricted Mode is intended to lock down the iPhone's USB port and block intrusion techniques that use third-party devices to crack a device's passcode.
USB Restricted Mode deactivates USB data processes via the Lightning port when the device has been locked for more than an hour. Once that hour limit is reached, the USB port is only good for charging the iPhone. Security researchers at ElcomSoft have discovered what appears to be an oversight on Apple's part that allows the USB port to continue working normally for an indefinite period.
All police or hackers trying to gain access to a device need to do is connect a Lightning accessory, such as the USB 3 camera adapter, to the iPhone in question before the initial hour-long window expires. Doing so resets the timer, effectively defeating Apple's fancy security protocol. The researchers note that even untrusted accessories that have never been connected to the iPhone before can reset the timer.
ElcomSoft researchers are currently working to see if unofficial Lightning to USB adapters can reset the one-hour time limit. It's worth noting that the accessory must be connected before USB Restricted Mode goes into effect; once the mode is activated, the team has found no way to bypass it. Once the restricted mode lockout is in effect, it persists regardless of whether the device is rebooted or the software is restored via Recovery mode. Researchers confirmed that this accessory workaround works in the latest iOS 12 beta as well.
"In other words, once the police officer seizes an iPhone, he or she would need to immediately connect that iPhone to a compatible USB accessory to prevent USB Restricted Mode lock after one hour," ElcomSoft's Oleg Afonin explains in a blog post.